Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-06 16:48:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
zeek/testing
History
Jon Siwek 35827eeb31 Add rate-limiting sampling mechanism for weird events 
The generation of weird events, by default, are now rate-limited
according to these tunable options:

  - Weird::sampling_whitelist
  - Weird::sampling_threshold
  - Weird::sampling_rate
  - Weird::sampling_duration

The new get_reporter_stats() BIF also allows one to query the
total number of weirds generated (pre-sampling) which the new
policy/misc/weird-stats.bro script uses periodically to populate
a weird_stats.log.

There's also new reporter BIFs to allow generating weirds from the
script-layer such that they go through the same, internal
rate-limiting/sampling mechanisms:

  - Reporter::conn_weird
  - Reporter::flow_weird
  - Reporter::net_weird

Some of the code was adapted from previous work by Johanna Amann.
2018-07-26 19:57:36 -05:00
..
btest Add rate-limiting sampling mechanism for weird events 2018-07-26 19:57:36 -05:00
external Relocate temporary script coverage files 2018-06-01 11:30:36 -05:00
scripts Teach timestamp canonifier about timestamps before ~2001 2018-07-26 15:15:41 -05:00
.gitignore Test coverage integration for external tests and complete suite. 2012-01-12 11:58:13 -06:00
Makefile Fix portability issue with use of mktemp 2016-01-28 14:32:22 -06:00
README

README 

This directory contains suites for testing for Bro's correct
operation:

    btest/
        An ever-growing set of small unit tests testing Bro's
        functionality.

    external/
        A framework for downloading additional test sets that run more
        complex Bro configuration on larger traces files. Due to their
        size, these are not included directly. See the README for more
        information. 

    scripts/
        Helpers scripts used by some tests.